Key skills
AzureDNSRPowerShellIAMAzure ADEntra IDActive DirectoryCommunicationRemote Work
About this role
Role Overview
- Administer a multi-domain, multi-forest Active Directory environment including user, group, and computer object lifecycle management, OU structure, delegation models, and trust relationships
- Manage the full lifecycle of Group Policy Objects (GPOs), including design, implementation, auditing, and cleanup
- Maintain AD Sites and Services, DNS integration, subnet mappings, and replication topology
- Monitor and maintain Domain Controller health, replication status, FSMO roles, and SYSVOL/DFS-R consistency
- Manage SPNs, gMSAs, and Kerberos authentication dependenciesMentor and coach engineers through design reviews, code reviews, and knowledge sharing, promoting consistent and high-quality delivery.
- Maintain documentation including technical designs, workflows, configurations, and operational procedures.
- Contribute to identity strategy and roadmap planning, identifying opportunities to enhance automation, security, and user experience.
- Use PowerShell as the primary tool for data collection, reporting, bulk operations, and automation
- Develop scripts for auditing, compliance reporting, and operational health monitoring
- Build automation for infrastructure lifecycle processes such as DC replacement and recovery
- Support Active Directory integration with CyberArk for credential vaulting, rotation, and privileged session management
- Manage privileged accounts and service account credentials in alignment with PAM policies
- Collaborate on CPM dependencies, credential policies, and troubleshooting PAM-to-AD integrations
- Partner with PKI teams to ensure AD Certificate Services configurations align with enterprise standards
- Implement tiered administration models and protected group governance
Requirements
- Bachelor’s degree recommended; equivalent experience considered.
- 6 years of hands-on experience administering Active Directory in enterprise environments
- Deep expertise in AD architecture, including object management, GPOs, DNS, replication, and domain controller operations
- Advanced PowerShell scripting and automation capabilities
- Strong understanding of Kerberos, SPNs, gMSAs, and delegation models
- Experience working with CyberArk or similar PAM solutions integrated with Active Directory
- Hands-on experience with AD disaster recovery and multi-domain/multi-forest environments
- Understanding of Active Directory’s role within identity governance and IAM ecosystems
- Experience collaborating with PKI teams and supporting AD-integrated certificate services
- Experience with hybrid identity environments (Entra ID / Azure AD Connect)
- Strong knowledge of AD security hardening practices and attack mitigation techniques
- Experience generating audit evidence and supporting compliance requirements
- Experience with SIEM platforms such as CrowdStrike or equivalent
- Experience supporting regulated or customer driven security requirements, including U.S. Government environments; familiarity with CMMC and NIST SP 800-171 aligned expectations preferred.
- Strong communication and documentation skills, with the ability to translate technical concepts into business impact.
- Ability to operate effectively across enterprise and OpCo environments, balancing global consistency with local context across multiple time zones and culture.
- Alignment with Ralliant values and the Ralliant Business System (RBS), including continuous improvement, transparency, and ownership.
Tech Stack
- Azure
- DNS
Benefits
- Health insurance
- 401(k) matching
- Flexible work hours
- Paid time off
- Remote work options